Nexus 5 Vulnerabilities Identified at Pwn2Own Conference
Several vulnerabilities were identified in the Google Nexus 5 smartphone at the annual Pwn2Own competition.
Hosted by HP Zero Day Initiative (ZDI), this event pays a BIG cash prizes to whitehat hackers who are able to infiltrate the security systems of mobile devices. But the Nexus 5 wasn’t the only device targeted at the competition. Whitehats successfully identified vulnerabilities in the Samsung Galaxy S5, Amazon Fire Phone, and iPhone 5S, attesting to the need for greater mobile security on smartphones.
Rules of the Pwn2Own competition are simple: whitehat hackers are eligible to receive a handsome cash reward if they identify a vulnerability and/or exploit and turn over the details to event organizers. Whitehats must also refrain from sharing the details of any vulnerabilities into the respective smartphone company has issued a fix.
The UK-based security firm MWR InfoSecurity won two awards at the Pwn2Own competition along with a cool $125,000 cash prize for identifying vulnerabilities in both the Samsung Galaxy S5 and Amazon Fire Phone. The group reportedly gained control of the devices using the mobile web browser and Near Field Communication (NFC) system. MWR Labs issued a statement soon after Day 1 of the event, saying it will notify Amazon and Samsung of these vulnerabilities and others that were identified by its members.
So, what type of vulnerabilities were identified in the Google Nexus 5? According to HP, Aperture Labs was able to force a Bluetooth paring between the Nexus 5 and another Android smartphone using the devices’ NFC system. Coincidentally, this is actually a sub-plot used in the TV show “Person of Interest.”
“Adam Laurie from the UK’s Aperture Labs stepped up in the fourth competition spot with another NFC attack that proves that life sometimes does imitate art. A two-bug exploit targeting NFC capabilities on the LG Nexus 5 (a Google-supported device) demonstrated a way to force BlueTooth pairing between phones – a plot point, as several observers noted, on the television show ‘Person of Interest‘,” wrote HP on its official company blog.
Should you be worried about the security of your Nexus 5? Not necessarily. The fact of the matter is that most smartphones and tablets have at least some vulnerabilities. If a device doesn’t have a vulnerability, it’s because the vulnerability hasn’t been discovered yet. With Google knowing about the forced Bluetooth pairing issue, it’s safe to assume a fix is currently in the works.
